DES (Data Encryption Standard)

DES was one of the most popular block symmetric ciphers. It was created in the early 1970s at IBM and adopted as a federal standard by NBS in 1976.

Block cipher with symmetric secret key

Block length = 64 bits

Key length = 56 bits

DES is one of the most thoroughly examined encryption algorithms. In 1981 it was included in ANSI standards as Data Encryption Algorithm for private sector.
At the beginning of the 21st century, DES started to be considered insecure, mainly due to its relatively short secret key length, what makes it vulnerable to brute force attacks. In 2001 DES cipher was replaced by AES. DES is still one of the most popular cipher.

DES uses the key which is 64-bit long, however only 56 bits are actually used by the algorithm. Every 8th bit of the key is a control one and it can be used for parity control.

In the encryption process, the data is first divided into 64-bit long blocks. Then, each block undergoes the following operations:

Semiweak keys in DES

A semiweak key in the DES cipher is a key for which one can find another key that produces the same encrypted ciphertext from the same given plaintext. There are twelve known semiweak keys in DES (expressed in hexadecimal, along with parity bits):

Initial and Final Permutations in DES

The Initial and Final Permutations have no influence on security. They don't use a secret key and can be undone by anybody. They were introduced to make hardware implementation easier in some contexts. A hardware circuit which receives data over an 8-bit bus can accumulate the bits into eight shift registers, which is more efficient (in terms of circuit area) than a single 64-bit register. This process naturally performs the Initial Permutation of DES.

Let's assume that somebody is designing a hardware circuit which should do some encryption with DES. The data will be received in blocks of 8 bits. This means that there are 8 lines, each yielding one bit at each clock. A common device for accumulating data is a shift register: the input line plugs into a one-bit register, which itself plugs into another, which plugs into a third register, and so on. At each clock, each register receives the contents from the previous register, and the first register accepts the new bit. Therefore, the contents are shifted.

With an 8-bit bus, 8 shift registers are needed, each receiving 8 bits for every input block. The first register receives bits 1, 9, 17, 25, 33, 41, 49 and 57. The second register receives bits 2, 10, 18, ..., and so on. After eight clocks, eight registers received the complete 64-bit block and it is time to proceed with the DES algorithm itself.

If initial permutation was not used, then the first step of the first round would extract the 'left half' (32 bits) which, at that point, would consist of the leftmost 4 bits of each of the 8 shift registers. The 'right half' would also get bits from all the 8 shift registers. If you think of it as wires from the shift registers to the units which use the bits, then you end up with a bunch of wires which heavily cross each other. Crossing is doable but requires some circuit area, which is the expensive resource in hardware designs.

On the other hand, if you consider that the wires must extract the input bits and permute them as per the DES specification, you will find out that there is no crossing anymore. In other words, the accumulation of bits into the shift registers inherently performs a permutation of the bits, which is exactly the initial permutation of DES. By defining that initial permutation, the DES standard says: 'well, now that you have accumulated the bits in eight shift registers, just use them in that order, that's fine'.

The same thing is done again at the end of the algorithm during the Final Permutation.

DES was designed at a time when 8-bit bus were the top of the technology and one thousand transistors were an awfully expensive amount of logic.

Security of DES

DES is considered to be a well-designed and effective algorithm. However, just after its publication, many cryptographers believed that the size of its key is too small. At present, the 56-bit long key can be broken relatively cheaply, by using brute force attacks within a few days.

It is quite easy to attack DES knowing some parts of plaintext. The intruder can try all 256 possible keys. He looks for a key, which used for decryption of an encrypted block of the known plaintext, produces exactly the same plaintext. In practice, it is enough to know two or three blocks of plaintext to be able to determine if the currently testing key which works for them, will be working for other blocks as well. Probability that the found key is incorrect and converts correctly only the known plaintext blocks is negligibly small.

The fastest known attacks on DES use linear cryptanalysis. They require knowing 243 blocks of plaintext and their time complexity is around 239 to 243.

In S-Boxes encryption each 6-bit input block is replaced by 4-bit output.

If input bits are marked as a1, a2, a3, a4, a5 and a6, then the a1 and a6 comprise a 2-bit figure standing for a row, and the a2, a3, a4 and a5 comprise a 2-bit figure standing for a column (both columns and rows are numbered from zero). Where the row and column cross, there is the output figure of the block. For example, if the input string of bits is 101010, the output will be 0110.

S1

x0000x

x0001x

x0010x

x0011x

x0100x

x0101x

x0110x

x0111x

x1000x

x1001x

x1010x

x1011x

x1100x

x1101x

x1110x

x1111x

0yyyy0

14

4

13

1

2

15

11

8

3

10

6

12

5

9

0

7

0yyyy1

0

15

7

4

14

2

13

1

10

6

12

11

9

5

3

8

1yyyy0

4

1

14

8

13

6

2

11

15

12

9

7

3

10

5

0

1yyyy1

15

12

8

2

4

9

1

7

5

11

3

14

10

0

6

13

S2

x0000x

x0001x

x0010x

x0011x

x0100x

x0101x

x0110x

x0111x

x1000x

x1001x

x1010x

x1011x

x1100x

x1101x

x1110x

x1111x

0yyyy0

15

1

8

14

6

11

3

4

9

7

2

13

12

0

5

10

0yyyy1

3

13

4

7

15

2

8

14

12

0

1

10

6

9

11

5

1yyyy0

0

14

7

11

10

4

13

1

5

8

12

6

9

3

2

15

1yyyy1

13

8

10

1

3

15

4

2

11

6

7

12

0

5

14

9

S3

x0000x

x0001x

x0010x

x0011x

x0100x

x0101x

x0110x

x0111x

x1000x

x1001x

x1010x

x1011x

x1100x

x1101x

x1110x

x1111x

0yyyy0

10

0

9

14

6

3

15

5

1

13

12

7

11

4

2

8

0yyyy1

13

7

0

9

3

4

6

10

2

8

5

14

12

11

15

1

1yyyy0

13

6

4

9

8

15

3

0

1

1

2

12

5

10

14

7

1yyyy1

1

10

13

0

6

9

8

7

4

15

14

3

11

5

2

12

S4

x0000x

x0001x

x0010x

x0011x

x0100x

x0101x

x0110x

x0111x

x1000x

x1001x

x1010x

x1011x

x1100x

x1101x

x1110x

x1111x

0yyyy0

7

13

14

3

0

6

9

10

1

2

8

5

11

12

4

15

0yyyy1

13

8

11

5

6

15

0

3

4

7

2

12

1

10

14

9

1yyyy0

10

6

9

0

12

11

7

13

15

1

3

14

5

2

8

4

1yyyy1

3

15

0

6

10

1

13

8

9

4

5

11

12

7

2

14

S5

x0000x

x0001x

x0010x

x0011x

x0100x

x0101x

x0110x

x0111x

x1000x

x1001x

x1010x

x1011x

x1100x

x1101x

x1110x

x1111x

0yyyy0

2

12

4

1

7

10

11

6

8

5

3

15

13

0

14

9

0yyyy1

14

11

2

12

4

7

13

1

5

0

15

10

3

9

8

6

1yyyy0

4

2

1

11

10

13

7

8

15

9

12

5

6

3

0

14

1yyyy1

11

8

12

7

1

14

2

13

6

15

0

9

10

4

5

3

S6

x0000x

x0001x

x0010x

x0011x

x0100x

x0101x

x0110x

x0111x

x1000x

x1001x

x1010x

x1011x

x1100x

x1101x

x1110x

x1111x

0yyyy0

12

1

10

15

9

2

6

8

0

13

3

4

14

7

5

11

0yyyy1

10

15

4

2

7

12

9

5

6

1

13

14

0

11

3

8

1yyyy0

9

14

15

5

2

8

12

3

7

0

4

10

1

13

11

6

1yyyy1

4

3

2

12

9

5

15

10

11

14

1

7

6

0

8

13

S7

x0000x

x0001x

x0010x

x0011x

x0100x

x0101x

x0110x

x0111x

x1000x

x1001x

x1010x

x1011x

x1100x

x1101x

x1110x

x1111x

0yyyy0

4

11

2

14

15

0

8

13

3

12

9

7

5

10

6

1

0yyyy1

13

0

11

7

4

9

1

10

14

3

5

12

2

15

8

6

1yyyy0

1

4

11

13

12

3

7

14

10

15

6

8

0

5

9

2

1yyyy1

6

11

13

8

1

4

10

7

9

5

0

15

14

2

3

12

S8

x0000x

x0001x

x0010x

x0011x

x0100x

x0101x

x0110x

x0111x

x1000x

x1001x

x1010x

x1011x

x1100x

x1101x

x1110x

x1111x

0yyyy0

13

2

8

4

6

15

11

1

10

9

3

14

5

0

12

7

0yyyy1

1

15

13

8

10

3

7

4

12

5

6

11

0

14

9

2

1yyyy0

7

11

4

1

9

12

14

2

0

6

10

13

15

3

5

8

1yyyy1

2

1

14

7

4

10

8

13

15

12

9

0

3

5

6

11

read more..

Permutation P

show

Permutation P is processed on the 32-bit output block from eight S-Boxes.

National Bureau of Standards (NBS) - a U.S. agency which provides measures and standards; the name was used between 1901 and 1988, the agency is now known by its old name, the National Institute of Standards and Technology (NIST).

All permutation tables should be read row by row, from left to right, and from top to bottom.

The permutation of bits should be read as follows:

the first output bit is the bit from the input block of the position taken from the first row and the first column of the table,

the second output bit is the bit from the input block of the position taken from the first row and the second column of the table,

the third output bit is the bit from the input block of the position taken from the first row and the third column of the table,

...

the last output bit is the bit from the input block of the position taken from the first row and the last column of the table.